CVE-2024-23766

Name of the Vulnerable Software and Affected Versions HMS Anybus X-Gateway AB7832-F 3 devices

Description The issue concerns the exposure of a web interface on port 80, allowing an unauthenticated GET request to a specific URL to trigger the reboot of the gateway or most of its modules. This can be exploited to carry out a denial of service attack by continuously sending GET requests to that URL.

Recommendations For HMS Anybus X-Gateway AB7832-F 3 devices, as a temporary workaround, consider restricting access to the web interface on port 80 to minimize the risk of exploitation. Avoid using the vulnerable URL in the web interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.